Home / Vulnerability Intelligence / CVE-2026-5965

CVE-2026-5965 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 21, 2026

NewSoft NewSoftOA - OS Command Injection

Published: April 21, 2026Updated: April 21, 2026Remote Exploitable

Overview

NewSoft NewSoftOA contains an OS command injection caused by improper input sanitization, letting unauthenticated local attackers execute arbitrary OS commands on the server, exploit requires local access.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated local attackers can execute arbitrary OS commands, potentially leading to full system compromise.

Mitigation

Update to the latest version of NewSoftOA.

References

https://www.twcert.org.tw/en/cp-139-10857-c46f7-2.html
https://www.twcert.org.tw/tw/cp-132-10856-4979f-1.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-5965
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: new

CWE

CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H